tools,doc: add guards against prototype pollution when creating proxies

[aduh95]

When defining a Proxy, the handler object could be at risk of prototype
pollution when using a plain object literal:

// User-land
Object.prototype.get = () => 'Unrelated user-provided data';
// Core
const objectToProxy = { someProperty: 'genuine value' };
const proxyWithPlainObjectLiteral = new Proxy(objectToProxy, {
  has() { return false; },
});
console.log(proxyWithPlainObjectLiteral.someProperty); // Unrelated user-provided data
const proxyWithNullPrototypeObject = new Proxy(objectToProxy, {
  __proto__: null,
  has() { return false; },
});
console.log(proxyWithNullPrototypeObject.someProperty); // genuine value

[nodejs-github-bot]

Review requested:

• @nodejs/tsc

[LiviaMedeiros]

LGTM with a nit

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/44575/

[ChALkeR]

LGTM

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/44593/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/44599/

[nodejs-github-bot]

Commit Queue failed

- Loading data for nodejs/node/pull/43391
✔  Done loading data for nodejs/node/pull/43391
----------------------------------- PR info ------------------------------------
Title      tools,doc: add guards against prototype pollution when creating proxies (#43391)
   ⚠  Could not retrieve the email or name of the PR author's from user's GitHub profile!
Branch     aduh95:proxy-prototype-pollution -> nodejs:main
Labels     tools, author ready, needs-ci, commit-queue-squash
Commits    4
 - tools,doc: add guards against prototype pollution when creating proxies
 - fixup! tools,doc: add guards against prototype pollution when creatin…
 - fixup! tools,doc: add guards against prototype pollution when creatin…
 - Update tools/eslint-rules/avoid-prototype-pollution.js
Committers 2
 - Antoine du Hamel 
 - GitHub 
PR-URL: https://github.com/nodejs/node/pull/43391
Reviewed-By: James M Snell 
Reviewed-By: LiviaMedeiros 
Reviewed-By: Сковорода Никита Андреевич 
------------------------------ Generated metadata ------------------------------
PR-URL: https://github.com/nodejs/node/pull/43391
Reviewed-By: James M Snell 
Reviewed-By: LiviaMedeiros 
Reviewed-By: Сковорода Никита Андреевич 
--------------------------------------------------------------------------------
   ℹ  This PR was created on Sun, 12 Jun 2022 11:53:36 GMT
   ✔  Approvals: 3
   ✔  - James M Snell (@jasnell) (TSC): https://github.com/nodejs/node/pull/43391#pullrequestreview-1004583796
   ✔  - LiviaMedeiros (@LiviaMedeiros): https://github.com/nodejs/node/pull/43391#pullrequestreview-1007161498
   ✔  - Сковорода Никита Андреевич (@ChALkeR) (TSC): https://github.com/nodejs/node/pull/43391#pullrequestreview-1007417535
   ✔  Last GitHub CI successful
   ℹ  Last Full PR CI on 2022-06-15T20:46:03Z: https://ci.nodejs.org/job/node-test-pull-request/44599/
- Querying data for job/node-test-pull-request/44599/
   ✔  Last Jenkins CI successful
--------------------------------------------------------------------------------
   ✔  No git cherry-pick in progress
   ✔  No git am in progress
   ✔  No git rebase in progress
--------------------------------------------------------------------------------
- Bringing origin/main up to date...
From https://github.com/nodejs/node
 * branch                  main       -> FETCH_HEAD
   70b516e4db..9119382555  main       -> origin/main
✔  origin/main is now up-to-date
main is out of sync with origin/main. Mismatched commits:
 - 9119382555 tools: report unsafe string and regex primordials as lint errors
--------------------------------------------------------------------------------
HEAD is now at 9119382555 tools: report unsafe string and regex primordials as lint errors
   ✔  Reset to origin/main
- Downloading patch for 43391
From https://github.com/nodejs/node
 * branch                  refs/pull/43391/merge -> FETCH_HEAD
✔  Fetched commits as 70b516e4dbdf..a92ce2efa40a
--------------------------------------------------------------------------------
Auto-merging test/parallel/test-eslint-avoid-prototype-pollution.js
CONFLICT (content): Merge conflict in test/parallel/test-eslint-avoid-prototype-pollution.js
Auto-merging tools/eslint-rules/avoid-prototype-pollution.js
CONFLICT (content): Merge conflict in tools/eslint-rules/avoid-prototype-pollution.js
error: could not apply 86dc079e91... tools,doc: add guards against prototype pollution when creating proxies
hint: After resolving the conflicts, mark them with
hint: "git add/rm ", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
   ✖  Failed to apply patches

https://github.com/nodejs/node/actions/runs/2505466684

[aduh95]

Landed in 358008f